HAProxy and HTTP Strict Transport Security (HSTS)

blog20201019-01.cfg

frontend www.mywebsite.com
    bind :80
    bind :443 ssl crt /etc/ssl/certs/mywebsite.com.pem
    http-request redirect scheme https code 301 unless { ssl_fc }
    default_backend servers

blog20201019-02.cfg

frontend www.mywebsite.com
    bind :80
    bind :443 ssl crt /etc/ssl/certs/mywebsite.com.pem
    http-request redirect scheme https code 301 unless { ssl_fc }

    # max-age is mandatory 
    # 16000000 seconds is a bit more than 6 months
    http-response set-header Strict-Transport-Security "max-age=16000000; includeSubDomains; preload;"

    default_backend servers